There is a comment in exit.php about spamming attacks (around line 27) when the ?url parameter is used, but still any URL is accepted in this part of the code.
If the "Track exits" option is enabled, anyone can use this to make it appear like a link is on the targeted website. Example (not working, because tracking is off):
https://blog.s9y.org/exit.php?url=aHR0cHM6Ly9nb29nbGUuY29t
Serendipity should be using $url_id and $entry_id everywhere, no need to use $url at all.
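A sketch of the id-only lookup suggested above, as an added example that is not part of the original post and is not Serendipity's code. The function name `resolve_exit_target`, the `KNOWN_LINKS` table and its rows are hypothetical, constructed stand-ins for the stored links of an entry.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the links that entries actually contain,
// keyed by "entry_id:url_id". Real code would query the database instead.
const KNOWN_LINKS = [
    '12:3' => 'https://example.org/cited-article',
    '12:4' => 'https://example.net/docs',
];

/**
 * Return the redirect target for an exit request, or null when the request
 * does not identify a link that is stored for an entry.
 */
function resolve_exit_target(array $query): ?string
{
    // Accept positive decimal integers only; anything else is rejected.
    $opts    = ['options' => ['min_range' => 1]];
    $urlId   = filter_var($query['url_id'] ?? null, FILTER_VALIDATE_INT, $opts);
    $entryId = filter_var($query['entry_id'] ?? null, FILTER_VALIDATE_INT, $opts);

    if ($urlId === false || $entryId === false) {
        // Covers requests that carry only ?url=<base64>: the value is never
        // decoded, counted as an exit or used as a redirect target.
        return null;
    }

    // The target comes from stored data, never from the request itself.
    return KNOWN_LINKS["$entryId:$urlId"] ?? null;
}

// Constructed sample requests, including the ?url= value from the post.
$requests = [
    ['url_id' => '3', 'entry_id' => '12'],      // stored link
    ['url' => 'aHR0cHM6Ly9nb29nbGUuY29t'],      // base64 URL only
    ['url_id' => '3', 'entry_id' => '99'],      // id pair not stored
    ['url_id' => 'abc', 'entry_id' => '12'],    // non-numeric id
];

foreach ($requests as $query) {
    $target = resolve_exit_target($query);
    echo http_build_query($query), ' => ',
        $target ?? 'rejected (no redirect, nothing tracked)', PHP_EOL;
}
```

Only the first request resolves to a target; the other three are rejected without decoding or recording anything supplied by the client.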